
Don't call it in


It's called vishing, and it's yet another way that phishers are trying to get you to give up your personal information--this time over the telephone. In a presentation at Black Hat, Jay Schulman outlined just how criminal hackers are able to do this. Essentially, it's a man-in-the-middle attack using VoIP.

By recording legitimate telephone services from well-known financial institutions, criminal hackers can use open-source PBX software such as Asterisk to re-create a realistic-sounding interactive voice recognition system of their own. Because many of these scams come from Eastern Europe and target Americans, the use of text-to-speech software further disguises any accent, lulling callers into handing over their info.

In Schulman's example, victims call in and provide the criminal attacker with credit card and ZIP code information, but when they are asked to check their bank balance, they are often handed over to a live telephone operator at the bank in question. The criminal hackers, in this case, sit in the middle, recording all the personal information provided.

Schulman reminded the audience to call the number on the back of their credit cards, not some number sent via e-mail. Further, he asked that financial institutions start educating the public about these scams.